# Terragrunt pipeline with three jobs:
#   check  - formatting checks, runs on every trigger
#   plan   - `tf:plan` for shared/dev/prod, runs on any ref other than main
#   deploy - `tf:apply` for shared/dev/prod, runs only on refs/heads/main
name: 'Terragrunt'

# Triggered manually, or by pull requests targeting main / pushes to main that
# touch the Terraform tree, this workflow file, or the mise configuration.
on:
  workflow_dispatch:
  pull_request:
    branches:
      - 'main'
    paths:
      - 'tf/**'
      - '.github/workflows/terragrunt.yml'
      - '.mise/config.toml'
  push:
    branches:
      - 'main'
    paths:
      - 'tf/**'
      - '.github/workflows/terragrunt.yml'
      - '.mise/config.toml'

# Runs are grouped per workflow and ref. cancel-in-progress is false, so a
# newer run never cancels one that is already executing (presumably so that an
# apply is not interrupted part-way - confirm).
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: false

env:
  # Base directory for the plan/deploy steps; read back as env.working_dir.
  working_dir: 'tf/deployment'
  TG_NON_INTERACTIVE: 'true'

# The GITHUB_TOKEN gets no permissions workflow-wide; each job below re-grants
# only what it lists (contents: read).
permissions: {}

jobs:
  check:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release the SHA is expected to correspond to.
      - name: 'Checkout'
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Keep the token out of the checkout's git config for later steps.
          persist-credentials: false

      - name: 'Install 1Password CLI'
        uses: 1password/install-cli-action@9a0c9dd934086b7ab1d90115d455bda1c53c2bdb # v2.0.2
        with:
          version: '2.30.3'

      - name: 'Setup Mise'
        uses: immich-app/devtools/actions/use-mise@dab18118da6476e8237ac94080fd937983fecd42 # use-mise-action-v1.1.2

      - name: 'Check Formatting'
        run: terragrunt hcl format --check --diff

      # NOTE(review): this format check is handed the dev 1Password
      # service-account token. Presumably the mise `tf` task needs it to start;
      # confirm a formatting check really requires a credential.
      - name: 'Check terraform fmt'
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_DEV_ENV }}
          ENVIRONMENT: dev
        run: mise run tf fmt -- -diff -check

  # NOTE(review): the steps below receive the *prod* 1Password service-account
  # token (OP_TF_PROD_ENV) while running tasks from the ref being planned. For
  # pull_request events that ref is the PR's own code, so a branch in this
  # repository can change what executes alongside that token before any review.
  # Fork PRs do not receive secrets by default - confirm that setting, and
  # confirm the token used for planning is scoped read-only.
  plan:
    runs-on: ubuntu-latest
    # Any ref except main: pull requests and manual runs from other branches.
    if: github.ref != 'refs/heads/main'
    permissions:
      contents: read
    steps:
      - name: 'Checkout'
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: 'Install 1Password CLI'
        uses: 1password/install-cli-action@9a0c9dd934086b7ab1d90115d455bda1c53c2bdb # v2.0.2
        with:
          version: '2.30.3'

      - name: 'Setup Mise'
        uses: immich-app/devtools/actions/use-mise@dab18118da6476e8237ac94080fd937983fecd42 # use-mise-action-v1.1.2

      # The shared module is planned with the prod token and ENVIRONMENT=prod.
      - name: 'Plan Shared'
        working-directory: ${{ env.working_dir }}/modules/shared
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_PROD_ENV }}
          ENVIRONMENT: prod
        run: mise run tf:plan

      - name: 'Plan Dev'
        working-directory: ${{ env.working_dir }}/modules/scoped
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_DEV_ENV }}
          ENVIRONMENT: dev
        run: mise run tf:plan

      # Same directory as 'Plan Dev'. NOTE(review): only this step calls
      # tf:init explicitly - presumably to re-initialise modules/scoped for
      # prod after the dev step used it; confirm.
      - name: 'Plan Prod'
        working-directory: ${{ env.working_dir }}/modules/scoped
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_PROD_ENV }}
          ENVIRONMENT: prod
        run: |
          mise run tf:init
          mise run tf:plan

  # NOTE(review): no `environment:` is declared on this job, so GitHub
  # environment protection rules (required reviewers, deployment branch
  # restrictions) do not gate the apply steps. The only gates visible here are
  # the `if:` below and whatever branch protection main has - confirm that is
  # the intended control for prod applies.
  deploy:
    runs-on: ubuntu-latest
    # Only main: pushes to main and manual runs started from main.
    if: github.ref == 'refs/heads/main'
    permissions:
      contents: read
    steps:
      - name: 'Checkout'
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: 'Install 1Password CLI'
        uses: 1password/install-cli-action@9a0c9dd934086b7ab1d90115d455bda1c53c2bdb # v2.0.2
        with:
          version: '2.30.3'

      - name: 'Setup Mise'
        uses: immich-app/devtools/actions/use-mise@dab18118da6476e8237ac94080fd937983fecd42 # use-mise-action-v1.1.2

      # Apply order matches the plan job: shared, then scoped dev, then
      # scoped prod.
      - name: 'Deploy Shared'
        working-directory: ${{ env.working_dir }}/modules/shared
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_PROD_ENV }}
          ENVIRONMENT: prod
        run: mise run tf:apply

      - name: 'Deploy Dev'
        working-directory: ${{ env.working_dir }}/modules/scoped
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_DEV_ENV }}
          ENVIRONMENT: dev
        run: mise run tf:apply

      # As in 'Plan Prod', tf:init is run explicitly before the prod apply in
      # the directory the dev step just used.
      - name: 'Deploy Prod'
        working-directory: ${{ env.working_dir }}/modules/scoped
        env:
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_PROD_ENV }}
          ENVIRONMENT: prod
        run: |
          mise run tf:init
          mise run tf:apply